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allocation of a unique network address to the mobile terminal (104), determination 
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METHOD FOR ESTABLISHING A DATA CONNECTION WITH A MOBILE TERMINAL USING A LOCAL AND A 
UNIQUE NETWORK ADDRESS 

TECHNICAL FIELD 

5 

The present invention relates to procedures and devices for 
control of data connections with a user terminal in a 
digital mobile communication network. 

10 

BACKGROUND 

In order to meet an increasing demand for data 
communication, the development of digital mobile 
15 communication systems has been forced in a direction to 
make possible more or less direct «et up of mobile 
terminals to the Internet. An example of this is the so 
called General Packet Radio Service (-GPRS) . 

20 GPRS is a data service within the frames of the mobile 

communication standard GSM and is, as the name implies, a 
packet switching data service, which essentially makes 
possible for users of mobile terminals in -GSM-networks to 
communicate with resources on the Internet according to 

25 standardised data communication protocols. Within the field 
of the present invention, communication according to 
Internet Protocol (IP) is of special interest. 

The IP-standard stipulates that data communication shall be 
30 made in form of addressed packets, IP packets, which are 
transmitted from a transmitting computer to a receiving 
computer via a non-predetermined route through a network of 
computers in between that connects the transmitting 
computer and the receiving computer. Owing to exactly the 
35 fact that the IP-packets do not follow a predetermined 
route, all computers in between in the connecting network 
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must read and interpret the address of each of the IP- 
packets that are passing to find out whether the addressee 
is just the reading computer. This is a designed 
characteristic of the way to communicate according to the 

5 IP-standard. Even if it apparently implies a large amount 
of unnecessary processing of data packets , it among other 
things implies an advantage that the transmission of data 
packets with a high degree of security will function 
independent of breaks in parts of the network located in 

10 between. 

Connection of mobile data terminals, which are given . 
possibility to communicate by means of the IP-protocol on 
the other hand results in that an important aspect must be 
15 considered: the mobility itself of the terminal. 

The mobility certainly implies well known advantages, but 
the resources that need to be at hand in order to transmit 
information via a radio interface , in relation to 

20 transmission via a terrestrial interface, are usually much 
more limited and by that more expensive. To regard a mobile 
data terminal as a part of an IP-network consequently means 
that the utilisation of the radio resources should be 
carefully considered. There consequently is an interest to 

25 minimise not wanted data traffic to the mobile terminal. 

Further, the mobility has the self-evident effect that the 
terminals not always are within range of communication in 
the radio network. A terminal can from time to time be in 

30 very different locations, connected to different radio 

networks, where the accumulation of other mobile terminals 
can be of very different size. This results in that the, 
according to the IP-standard, limited IP-address space 
limits the number of simultaneously, to the radio network, 

35 connected mobile terminals. 
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With the above presented background, it consequently is a 
general problem to, with an efficient utilisation of 
resources, make possible set up of data -connections with a 
mobile data terminal in a mobile network. 

5 

DESCRIPTION OF THE INVENTION 

One aim of the present invention is to present a solution 
10 of a problem with efficient utilisation of resources at set 
up of data connections with a mobile data terminal in a 
mobile network. 

The invention presents a procedure and a device that, with 
15 their respective characteristics, describe how control of 
set up of data connections with the mobile terminal solves 
this problem. 

In some more details are shown a procedure and a device to 
20 establish a data connection with a mobile terminal in a 
digital mobile network, at which the mobile network is in 
connection with data processing resources in a local 
network. The procedure includes steps that are performed by 
the data processing resources. These steps include: 
25 - allocation of a local network address to the mobile 

terminal, 

- allocation of a unique network address to the mobile 
terminal, 

- determination of a relation -between the local 
30 network address and the unique network address, 

- reception of a request for a data connection to the 
unique network address, 

- set up of a data connection to the unique 

network address, at which the set up is performed depending 
35 on the relation between the local and the unique network 
address. 
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An advantage of the invention is that it makes possible 
direct connection of a mobile data terminal to an external 
data network, such as Internet without being limited by the 
to the number limited address space dictated by the IP- 
5 standard. 

One more advantage with the invention is that it makes 
possible for a user to, in a cost efficient way, utilise a 
mobile terminal for set up to, for instance, Internet. This 
10 is owing to that data traffic directed to the mobile 
terminal can be filtered already before the resource 
demanding radio interface, for instance by the 
characteristics of authentication of an incoming request 
according to the invention. 

15 

BRIEF DESCRIPTION OF FIGURES 

Figure 1 shows a schematic drawing of interconnected 
20 networks including devices according to the invention. 

Figure 2 shows a flow chart over a procedure according to 
the invention. 

25 Figure 3 shows schematically a table with information that 
is used according to the invention. 

PREFERRED EMBODIMENTS 

30 

Three interconnected digital communication networks 101, 
120, 103 are showing Figure 1. A mobile network 101 is 
capable of managing data communication according to the 
within the -GSM standardised data management service General 
35 Packet Radio Service fGPRS) . The mobile network 101 is, as 
other networks in Figure 1, very schematically illustrated. 
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This is intentionally, because data transmission generally 
in these types of data networks are regularised by 
standards such as GSM and IP, and consequently are well 
known by the expert. 

5 

Connected to the mobile network 101 is a number of 
communication units. A first mobile terminal 104 and a 
second mobile terminal 106, as well as a service node 117. 
The mobile terminals are, as is well known within the 

10 field, connected via radio interface 131, 132. Because this 
example is illustrated by a GPRS-network 101, it is implied 
that the radio interfaces 131,132 between the mobile 
terminals 104,106 and the mobile network 101 comply with 
the GSM-standard. The service node 117, which also serves 

15 according to the GPRS-standard, has the task to, among 

other things, control the access of mobile terminals to the 
mobile network 101, and to keep track of where the mobile 
terminals 104,106 are geographically. 

20 Connected to the mobile network 101 is a local data 

communication network 102 to which a number of resources 
for processing of data are connected. The function of these 
units will be further discussed below, in connection with a 
procedure according to the invention. In addition to the 

25 resources, there are to the local network 102 a local data 
terminal 118 connected. Implied is that communication 
between the different units complies with the, within the 
field well known, IP-standard. 

30 The local data communication network 102 is interconnected 
with an external data communication network 103, which in 
this example can implicitly be Internet, but can of course 
be further local networks or mobile networks. To the 
external data communication network 103 an external data 

35 terminal 105 is connected in, within the field, well known 
way according to the IP-protocol. 
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As a general overview of the embodiments that are presented 
here can be said that the invention is related to data 
connections, both between the first mobile terminal 104 and 
the external data terminal 105, and between the first 
5 mobile terminal 104 and the local data terminal 118, as 
well as between the first 104 and the second 106 mobile 
terminal. The main characteristics of the invention are 
essentially related to functions in the units that are 
interconnected in the local network 102. 

The mobile network 101 and the local network 102 are 
interconnected by an interconnection unit 107, which in 
GPRS is called "'Gateway GPRS Support Node (GGSN ) " , the main 
function of which is to forward/transmit IP data traffic 

15 between external networks and GPRS-networks, such as the 
mobile network 101. The interconnection unit 107 is also 
capable of forwarding/transmitting information about 
whether a mobile terminal 104,106 is activated or not. In 
this example is also shown that the interconnection unit 

20 107 has one more function in so far that a part of an 
address manager 109 is incorporated. 

The address manager 109 operates according to the IP- 
standard "Dynamic Host Configuration Protocol (DHCP)" and 

25 has as its main task to, in co-operation with a 

corresponding address manager 113 in the local network, 
transmit configuration information between units in the IP- 
based local network 102. An example of configuration 
information that is used in the present invention is -so 

30 called local IP-addresses, as will be discussed further in 
connection with a procedure illustrated in the Figures 2 
and 3 . 

The local network 102 and the external network 103 are in 
35 connection with each other via a firewall unit 108. The 
firewall unit 108 includes a number of functions, two of 
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which are indicated in the Figure. An address translator 
111 as, for instance, is specified in the IP-standard in a 
Network Address Translator (NAT) and a so called 
application proxy 115. 

5 

The address translator 111 has knowledge of a table that 
contains addresses in pairs to the units connected to the 
local network 102. On the one hand the local address, 
allocated the units for instance by the address manager 

10 113, and on the other a unique address accessible in the 
external network 103. The address translator transmits IP- 
traffic to and from the communicating units in such a way 
that request about data connections to the unique addresses 
of the units are translated into request about connections 

is with the corresponding local addresses of the units. 

The application proxy 115 functions as a filter for all 
traffic between the local network 102 and the external 
network 103. The filtering is made, as is known within the 
20 field, on application level so the proxy 115 easily can 

analyse which type of traffic that wants to go between the 
networks 102, 103 and, by means of suitable filtering 
conditions, let pass and stop not wanted data traffic. 

25 An example of a procedure according to the invention now 
will be described with reference to a flow chart in Figure 
2, the device in Figure 1, and a detailed illustration of a 
table in Figure 3. 

30 In an activation step 201 a GPRS-user activates the first 
mobile terminal 104 with the intention to set up a data 
connection with the external network 103. The first mobile 
terminal 104 signals via the first radio interface 131 and 
via the mobile network 101 to the service node 117. The 

35 service node 117 signals further to the interconnection 
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unit 108 that the GPRS-user wants connection to the local 
network 102. 

In an address allocation step 202, the interconnection unit 
5 108 has received the signal about wanted data connection, 

after which the address manager exchanges signals with the 

corresponding address manager 113 in the local network 102. 

This exchange between the address management units 109, 113 

results in that the first mobile terminal 1*04 is allocated 
10 one, for the local network 102, local address. This address 

is only applicable within the local network 102 and in the 

mobile network 101. 

In a connection step 203, a connection is set up with a 
15 service node for GPRS-users 112 {AGS-node 112) . The 

connection is established according to the IP-standard and 
is made by means of software in the mobile terminal 104 
that for instance can be of the type World Wide Web 
interface (WWW-interf ace) . 

20 

In an authentication step 204 is made, according to well 
known procedures, an exchange of, for instance, passwords 
between the users of the mobile terminal and the AGS-node. 
This of course in order to ensure that the GPRS-user has 
25 permission to establish connection to the local network 
102. Conditions for the connection to be allowed, that is 
positive authentication, can for instance be dependent on 
whether the user has a -GPRS-subscription or has paid 
his/her GPRS-subscription bill etc. 

30 

In a service list step 205, the 'GPRS-user creates or 
retrieves, for instance still connected via a WWW- 
interf ace, a list or table with information regarding 
access to the GPRS-user. More specifically, access relates 
35 to, for instance, conditions for the possibilities of 
external users to communicate with the GPRS-user's 
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terminal. Terminal 3 illustrates an example of such a list 
or table 300. 

As is shown in Figure 3, the local address 301 that has 
5 been allocated the mobile terminal 104 in the address 

allocation step 202 is connected to the table. Further, the 
table 300 contains lines 302, which contain access 
conditions that are entered, or retrieved from previously 
stored tables, by the GPRS-user. Each of the lines 302 
io contains information regarding the conditions of an 

external user to establish a data -connection with a GPRS- 
user 's address 301. 

In a first column 303 in the table 300 is stored the 
15 address to an intended external user, which, according to 
the IP-standard, suitable is in form of an IP-address for 
the external user's terminal 105. 

In a second column 304 in the table 300 is stored a 
20 designation of a service, which the intended external user 
shall be allowed to use. Examples of such services, which 
more generally can be designated type of data connection, 
is IP telephony, exchange of text messages and IQC etc. The 
representation in the table for the different types of data 
25 connections can of course be of various kind, in plain 
language or encoded. 

In a third column 305 in the table 300 is stored 
conditions, which can be associated with a service. 

30 Examples of conditions are upper limit of the amount of 
data that shall be allowed to be exchanged between the 
external terminal 105 and the GPRS-user's terminal 104, and 
time limiting conditions that for instance allow 
connections between certain indicated strokes of the clock. 

35 In the same way as for the information about the services 
in the second column 304, the representation of the 



WO 00/64104 



PCT/SEOO/00747 



10 



conditions are of optional nature, plain language or 
encoded. 

In a fourth column 306 in the table 3O0 are stored 
5 passwords for use in a coming authentication step (208 in 
Figure 2) . The passwords are encoded in a suitable way 
according to previously known technology. 

Referring back to Figure 2, the procedure will continue 
10 with a reception step 206. In the reception step 206 the 
AGS-node 112 receives a request about a data connection 
with the GPRS-user's terminal 104 from the external user's 
terminal 105, or the second GPRS-user's mobile terminal 
106. A request for connection includes at least the address 
15 for the requesting terminal 105, and information about 
which type of service or connection that is wanted. 
Examples of types of connections, or services, have been 
discussed above in connection with Figure 3. A detailed 
description of the content in a request is beyond the scope 
20 of this invention and is supposed to be of already known 
nature provided by the IP-standard. 

In an analysis step 207 the in the reception step 207 
received request for data connection is processed by 

25 comparisons being made with information stored in the table 
(300 in Figure 3). For instance is a requested type of data 
connection analysed by information in the second column 
(304 in Figure 3) of the table, to make it possible 
determine whether the requesting terminal 105,104 has 

30 access to the requested service or type of data connection. 
Further check can be made by condition information in the 
third column (305 in Figure 3) . 

Further, this analysis step includes a check of whether the 
35 mobile terminal 104 still is connected to the local network 
102. If such a check results in that connection is lacking, 
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the received request can be stored during a predetermined 
time in order to, on a later occasion, be analysed again 
when the mobile terminal 104 again is in contact with the 
local network 102. 

5 

In connection with this analysis 207 is further performed 
an authentication in an authentication step 208, at which 
password information in the table (300 in Figure 3) is 
compared with one by the external user given password. 

10 

After the analysis of the request for data .connection, is 
determined in a determination step 209 whether the 
requesting terminal 104,105 shall be allowed to, in a set 
up step 210, establish the requested data connection and by 
15 that utilise a requested service. The set up and exchange 
itself of data in the connection is made in, within the 
field, well known way and is consequently not described in 
detail within the frame of the present invention. 
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PATENT CLAIMS 

1. Procedure to establish a data connection with a -mobile 
terminal (104) in a digital mobile network (101), at which 
5 the mobile network (101) is connected to data processing 
resources in a local network (102), 

characterised in that the data processing 
resources perform the steps: 

- allocation (202) of a local network address to the 
10 mobile terminal <104), 

- allocation (202) of a unique network address to the 

mobile terminal (104) , 

- determination of a relation between the local 
network address and the unique network address, 

15 . reception (206) of a request for a data connection 

to the unique network address, 

- establishing (210) of a data connection to the 
unique network address, at which the set up 1210) is 
performed depending on the relation between the local and 

20 the unique network address. 

2. Procedure as claimed in patent claim 1, further 
characterised in that at least the -step to 
allocate the mobile terminal (104) a local network address 

25 is preceded by, and performed depending on, a step (201) 
that includes a detection of activation of the mobile 
terminal (104) . 

3. Procedure as claimed in any of the patent claims 1-2, 
30 at which request for data connection includes a request for 

at least one appointed type of data -connection, further 
characterised in that it also includes the 
step: 

determination (207) of whether the mobile 
35 terminal (104) is accessible for a data connection of the 
appointed type, and that the step to set up (210) the <data 
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connection to the unique network address also is made 
dependent on the accessibility. 

4. Procedure as claimed in patent claim 3, further 

5 characterised in that the determination (207) 
of whether the mobile terminal (104) is accessible for a 
data connection includes the step: 

- comparison of the appointed type of data -connection 
with a list of accessible types of data connections, and 

10 that the determination (207) is made dependent on the 
comparison. 

5. Procedure as claimed in any of the patent claims 1-4, 
further characterised in that is also includes 

15 the step: 

- identification (207) of an origin for request for a 
data connection, and that the set up (210) of the data 
connection is performed depending on the origin. 

20 6. Procedure as claimed in patent claim 5, further 
characterised in that identification of an 
origin for request for a data connection includes the step 

- comparison (207) of the identified origin with a 
list (300) over origins, the request of which about set up 

25 of data connection shall be allowed, and that the set up 
(210) is made depending on the -comparison. 

7. Procedure as -claimed in patent olaim 6, further 
characterised in that the -comparison of the 
30 origin with the list (300) over allowed origins includes 
the steps: 

. collection of a password from the origin, 

- comparison (208) of the collected password with a 
list of passwords (30€) associated with different origins, 

35 and that the set up (210) is made depending on the 
comparison. 
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8. Procedure as claimed in any of the patent claims 1-7, 
further characterised in that it includes the 
step: 

- storing of request for a data connection to the 
5 unique network address, at which the storing is made 

depending on the relation between the local and the unique 
network address. 

9. Procedure as claimed in patent claim 8, further 

10 characterised in that it includes the step: 

- deletion of the stored request for the data 
connection, at which the deletion is made depending on a 
predetermined measure of time. 

15 10. Device capable to set up a data connection with a 

mobile terminal (104) in a digital mobile network, at which 
the mobile network (101) is in connection with data 
processing resources in a local network, 
characterised in: 

20 - device (107) for allocation of a local network 

address to the mobile terminal (104), 

- device (111) for allocation of a unique network 
address to the mobile terminal (104), 

- device (111) for determination -of a relation between 
25 the local network address and the unique network address, 

- devices (111,112) for reception of a request for a 
data connection to the unique network address, 

- device (112) for establishing of a data connection 
to the unique network address depending on the relation 

30 between the local and the unique network address. 

11. Device as claimed in patent claim 10, further 
characterised in that at least the device 
(107), for allocating the mobile terminal (104) a local 
35 network address, includes devices for detection of 
activation of the mobile terminal (104) . 
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12. Device as claimed in any of the patent claims 10-11, 
at which request for data connection includes a request for 
at least one appointed type of data connection, further 
characterised in: 

5 - device (112) for determination of whether the mobile 

terminal (104) is accessible for a data connection of the 
appointed type. 

13. Device as claimed in patent claim 12, further 

io characterised in that the device (112) for 
determination of whether the mobile terminal (104) is 
accessible for a data connection includes: 

- device for comparison of the appointed type of data 
connection with a list (300) of accessible types of .data 

15 connections. 

14. Device as claimed in any of the patent claims 10-13, 
further characterised in: 

- device (112) for identification of an -origin for 
20 request for a data connection. 

15. Device as claimed in patent claim 14, further 
characterised in: 

- device (112) for comparison of the identified origin 
25 with a list over origins, the request of which about set up 

of data connection shall be allowed. 

16. Device as claimed in patent claim 15, further 
characterised in: 

30 - device (112) for collection of a password from the 

origin, 

- device (112) for comparison of the collected 
password with a list over passwords associated with 
different origins. 

35 
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17. Device as claimed in any of the patent claims 10-16, 
further characterised in: 

- device (112) for storing of request for a data 
connection to the unique network address. 

18. Device as claimed in patent claim 17, further 
characterised in: 

- device (112) for deletion of the stored request for 
the data connection. 
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